Difference between revisions of "Scponly"

From ArchWiki
m (codeline -> ic)
(update templates, see Help:Style)
Line 1: Line 1:
 
[[Category:Networking (English)]]
 
[[Category:Networking (English)]]
==Introduction==
+
{{i18n|Scponly}}
 +
 
 
Scponly is a limited shell for allowing users scp/sftp access and only scp/sftp access to your box.  Additionally, you can setup scponly to chroot the user into a particular directory increasing the level of security.
 
Scponly is a limited shell for allowing users scp/sftp access and only scp/sftp access to your box.  Additionally, you can setup scponly to chroot the user into a particular directory increasing the level of security.
  
Line 10: Line 11:
 
Scponly resides in [community] and can be installed like any other package:
 
Scponly resides in [community] and can be installed like any other package:
  
{{cli|# pacman -S scponly}}
+
{{bc|# pacman -S scponly}}
  
 
If you have a user already created, simply set the user's shell to scponly
 
If you have a user already created, simply set the user's shell to scponly
  
{{cli|# usermod -s /usr/bin/scponly username}}
+
{{bc|# usermod -s /usr/bin/scponly username}}
  
 
That's it.  Go ahead and test it using your favorite sftp client.
 
That's it.  Go ahead and test it using your favorite sftp client.
Line 21: Line 22:
  
 
* Create chroot
 
* Create chroot
{{cli|# cd /usr/share/doc/scponly/}}
+
{{bc|# cd /usr/share/doc/scponly/}}
{{cli|# ./setup_chroot.sh}}
+
{{bc|# ./setup_chroot.sh}}
 
* Provide answers
 
* Provide answers
 
* Check that /path/to/chroot has root:root owner and r-x for others
 
* Check that /path/to/chroot has root:root owner and r-x for others
 
* Change shell for selected user to /usr/sbin/scponlyc
 
* Change shell for selected user to /usr/sbin/scponlyc
 
* sftp-server may require some libnss modules such as libnss_files. Copy them to chroot's /lib
 
* sftp-server may require some libnss modules such as libnss_files. Copy them to chroot's /lib
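Review bot: In the chroot hunk, `cd /usr/share/doc/scponly/` and `./setup_chroot.sh` are each converted to their own `{{bc|...}}`, although they form a single step under "Create chroot". Consider putting both commands in one `{{bc}}` block so it is clear the script is run from that directory.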

Revision as of 12:29, 16 December 2011

Scponly is a limited shell that gives users scp/sftp access, and only scp/sftp access, to your box. Additionally, you can set up scponly to chroot the user into a particular directory, increasing the level of security.

Installation

Prerequisites

This guide assumes that you have the sshd daemon installed, configured, and running. See Secure Shell for more information.

Setup

Scponly resides in [community] and can be installed like any other package:

# pacman -S scponly

If you have a user already created, simply set the user's shell to scponly:

# usermod -s /usr/bin/scponly username

That's it. Go ahead and test it using your favorite sftp client.

Adding a chroot jail

  • Create the chroot:
# cd /usr/share/doc/scponly/
# ./setup_chroot.sh
  • Answer the questions the script asks
  • Check that /path/to/chroot is owned by root:root and gives r-x to others
  • Change the selected user's shell to /usr/sbin/scponlyc
  • sftp-server may require some libnss modules such as libnss_files. Copy them to the chroot's /lib
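
The checks in the list above can be scripted. The following is an added example, not part of the original article or of the scponly package: the function names are made up for illustration, GNU stat is assumed, and the optional passwd-file and owner arguments exist only so the audit can be tried against a scratch directory.

```shell
#!/bin/sh
# Added example: audit a scponly chroot against the checklist above.
# Function names are hypothetical; assumes GNU stat (coreutils).

# Print "owner:group" of a path.
owner_of() { stat -c '%U:%G' "$1"; }

# Succeed if "others" have exactly r-x (last octal mode digit is 5).
others_rx() {
    mode=$(stat -c '%a' "$1") || return 1
    case "$mode" in *5) return 0 ;; *) return 1 ;; esac
}

# Print the login shell of user $1 from passwd file $2 (default /etc/passwd).
shell_of() { awk -F: -v u="$1" '$1 == u { print $7 }' "${2:-/etc/passwd}"; }

# Succeed if the chroot's /lib contains a libnss_files library.
has_nss_files() {
    for f in "$1"/lib/libnss_files*; do
        [ -e "$f" ] && return 0
    done
    return 1
}

# audit_chroot CHROOT USER [PASSWD_FILE] [EXPECTED_OWNER]
# Prints one line per failed check; returns 0 only if all checks pass.
audit_chroot() {
    chroot=$1 user=$2 passwd=${3:-/etc/passwd} want_owner=${4:-root:root}
    rc=0
    [ "$(owner_of "$chroot")" = "$want_owner" ] ||
        { echo "FAIL: $chroot is not owned by $want_owner"; rc=1; }
    others_rx "$chroot" ||
        { echo "FAIL: others do not have r-x on $chroot"; rc=1; }
    [ "$(shell_of "$user" "$passwd")" = /usr/sbin/scponlyc ] ||
        { echo "FAIL: shell of $user is not /usr/sbin/scponlyc"; rc=1; }
    has_nss_files "$chroot" ||
        { echo "FAIL: no libnss_files* in $chroot/lib"; rc=1; }
    return $rc
}

# Run the audit when called as: script /path/to/chroot username
if [ "$#" -ge 2 ]; then audit_chroot "$@"; fi
```
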